[lacnog] Signing of the ARPA zone
Edgardo Leal
edgardo_leal en hotmail.com
Mar Mar 23 17:12:52 BRT 2010
hola creo ke se estan ekivocando con sus mails.... me han esatad mandando una informacion que desconosco y ke no me interesa:)
> From: Joao en c-l-i.net
> To: lacnog en lacnic.net
> Date: Mon, 22 Mar 2010 18:03:06 -0700
> Subject: Re: [lacnog] Signing of the ARPA zone
>
> no hay mucho que decir, la verdad.
> La zona .arpa del DNS está ahora firmada con DNSSEC y se está
> trabajando en limpiar la estructura de delegaciones en arpa para a
> continuación firmar con DNSSEC las zonas contenidas en arpa (por
> ejemplo in-addr.arpa, ip6.arpa, etc), e164.arpa ya está firmada desde
> hace tiempo.
> Ahora se pueden verificar las respuestas de DNS configurando la clave
> para .arpa en su servidor de nombres y a partir de julio, cuando se
> firme también la raíz del DNS (el dominio ".") se podrá seguir la
> cadena de verificaciones desde ahí.
>
> Posteriormente imagino que los RIRs irán firmando sus zonas bajo in-
> addr.arpa e ip6.arpa y asi hasta llegar hasta los usuarios del espacio
> de direcciones que mantienen su propio DNS inverso
>
> Saludos
> Joao
>
> On 22 Mar 2010, at 17:26, Nicolás Ruiz wrote:
>
> > Podría alguien más familiarizado con todo este proceso comentar un
> > poco sobre esto? Yo en particular estoy bien crudo, pero no sé por
> > donde comenzar.
> >
> > nicolás
> >
> > Joe Abley wrote:
> >> Colleagues,
> >> This is a follow-up to the operational announcement regarding
> >> changes to the ARPA top-level domain that was sent on 2010-03-10.
> >> Apologies in advance for duplicates received through different
> >> mailing lists.
> >> As of 2010-03-17 1630 UTC all the authoritative servers for ARPA
> >> are serving a signed ARPA zone.
> >> We would like to solicit feedback from the technical community to
> >> allow us to identify any operational ill-effects that this change
> >> has caused. We will monitor this mailing list for feedback, and I
> >> will also distribute any feedback sent to me personally so that it
> >> can be considered.
> >> If no harmful effects have been identified by 2010-03-21 the trust
> >> anchor for the ARPA zone will be published through the IANA ITAR at
> >> <https://itar.iana.org/>.
> >> Regards,
> >> Joe
> >> Begin forwarded message:
> >>> From: Joe Abley <joe.abley en icann.org>
> >>> Date: 10 March 2010 16:13:46 EST
> >>> To: Joe Abley <joe.abley en icann.org>
> >>> Subject: Signing of the ARPA zone
> >>>
> >>> Colleagues,
> >>>
> >>> This is a technical, operational announcement regarding changes to
> >>> the ARPA top-level domain. Apologies in advance for duplicates
> >>> received through different mailing lists.
> >>>
> >>> No specific action is requested of operators. This message is for
> >>> your information only.
> >>>
> >>> The ARPA zone is about to be signed using DNSSEC. The technical
> >>> parameters by which ARPA will be signed are as follows:
> >>>
> >>> KSK Algorithm and Size: 2048 bit RSA
> >>> KSK Rollover: every 2-5 years, scheduled rollover to follow RFC 5011
> >>> KSK Signature Algorithm: SHA-256
> >>> Validity period for signatures made with KSK: 15 days; new
> >>> signatures published every 10 days
> >>> ZSK Algorithm and Size: 1024 bit RSA
> >>> ZSK Rollover: every 3 months
> >>> ZSK Signature Algorithm: SHA-256
> >>> Authenticated proof of non-existence: NSEC
> >>> Validity period for signatures made with ZSK: 7 days; zone
> >>> generated and re-signed twice per day
> >>>
> >>> The twelve root server operators [1] will begin to serve a signed
> >>> ARPA zone instead of the (current) unsigned ARPA zone during a
> >>> maintenance window which will open at 2010-03-15 0001 UTC and
> >>> close at 2010-03-17 2359 UTC. Individual root server operators
> >>> will carry out their maintenance at times within that window
> >>> according to their own operational preference.
> >>>
> >>> The trust anchor for the ARPA zone will be published in the ITAR
> >>> [2], and in the root zone in the form of a DS record once the root
> >>> zone is signed.
> >>>
> >>> If you have any concerns or require further information, please
> >>> let me know.
> >>>
> >>> Regards,
> >>>
> >>>
> >>> Joe Abley
> >>> Director DNS Operations, ICANN
> >>>
> >>> [1] <http://www.root-servers.org/>
> >>> [2] <https://itar.iana.org/>
> >> _______________________________________________
> >> LACNOG mailing list
> >> LACNOG en lacnic.net
> >> https://mail.lacnic.net/mailman/listinfo/lacnog
> >
> > _______________________________________________
> > LACNOG mailing list
> > LACNOG en lacnic.net
> > https://mail.lacnic.net/mailman/listinfo/lacnog
>
> _______________________________________________
> LACNOG mailing list
> LACNOG en lacnic.net
> https://mail.lacnic.net/mailman/listinfo/lacnog
_________________________________________________________________
Prefiero un día sin coche que sin Messenger
www.vivirmessenger.com
------------ próxima parte ------------
Se ha borrado un adjunto en formato HTML...
URL: <https://mail.lacnic.net/pipermail/lacnog/attachments/20100323/e1de90f4/attachment.html>
Más información sobre la lista de distribución LACNOG